CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm News•added 3 days ago•3 views

Quantum Resonance Encryption for Secure Data Storage and Communication with Quantum Kicked Top

In a shared quantum computer, how to ensure data privacy and protection from access by unauthorized parties? We propose a genuine quantum protocol for protecting user's data which is not accessible even to the service provider. The protocol is based on quantum kicked top -- the dynamics of a spin...

5.8AI score

OSV•added 6 days ago•4 views

OESA-2026-2487 jq security update

jq is a lightweight and flexible command-line JSON processor. you can use it to slice and filter and map and transform structured data. It is written in portable C, and it has zero runtime dependencies. it can mangle the data format that you have into the one that you want. Security Fixes: jq is ...

7.3CVSS6AI score0.0002EPSS

Exploits7References8

Tenable Nessus•added 6 days ago•7 views

ImageMagick < 6.9.13-48 / 7.x < 7.1.2-22 Vulnerability

The remote host has a version of ImageMagick installed that is prior to 6.9.13-48 or 7.x prior 7.1.2-22. It is, therefore, affected by a vulnerability. â An invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation...

6AI score

Positive Technologies•added 6 days ago•6 views

PT-2026-45040

Summary modules/documents-files.php mode file rename save shares the same root-cause shape as the cross-folder move bug 05-documents-cross-folder-move-idor.md: the top-level rights check at lines 79-89 validates hasUploadRight on the URL parameter folder uuid, but the rename operation acts on fil...

6.5CVSS5.8AI score

OSV•added 2026/05/28 8:16 a.m.•2 views

DEBIAN-CVE-2026-44604

A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...

OSV•added 2026/05/28 8:16 a.m.•5 views

Exploits0References1

UBUNTU-CVE-2026-44604

Debian CVE•added 2026/05/28 5:59 a.m.•5 views

Exploits0References4

CVE-2026-44604

RedhatCVE•added 2026/05/28 5:59 a.m.•4 views

CVE-2026-44604

CVE•added 2026/05/28 5:59 a.m.•11 views

CVE-2026-44604

CVE-2026-44604 affects the RPM rpmuncompress utility. The vulnerability arises when extracting ZIP, 7z, or GEM archives to a destination directory: the archive’s top-level folder name is inserted into a shell command without proper sanitization, allowing a crafted archive with shell metacharacter...

Vulnrichment•added 2026/05/28 5:59 a.m.•2 views

CVE-2026-44604 Rpm: command injection in rpmuncompress dountar() via unescaped archive top-level directory name in popen() shell command

Cvelist•added 2026/05/28 5:59 a.m.•26 views

CVE-2026-44604 Rpm: command injection in rpmuncompress dountar() via unescaped archive top-level directory name in popen() shell command

7CVSS0.00023EPSS

ATTACKERKB•added 2026/05/28 5:59 a.m.•5 views

CVE-2026-44604

CNNVD•added 2026/05/28 12:0 a.m.•6 views

rpm 操作系统命令注入漏洞

rpm is a powerful command-line-driven package management tool from the rpm organization. It is used for installing, uninstalling, verifying, querying, and updating software packages on Linux systems. rpm has a vulnerability related to operating system command injection. This vulnerability arises...

7CVSS6.1AI score0.00023EPSS

CNNVD•added 2026/05/28 12:0 a.m.•8 views

AnythingLLM 后置链接漏洞

AnythingLLM is an integrated AI application developed by Mintplex. Versions of AnythingLLM prior to 1.13.0 contained a post-link vulnerability. This vulnerability stemmed from the file system replication tool only verifying the top-level source and target paths. The recursive replication assistan...

2.5CVSS5.8AI score0.00018EPSS

Exploits1References2

OSV•added 2026/05/26 11:38 p.m.•2 views

GHSA-9RFG-V8G9-9367 Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring

Summary An attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify interprets it without changing its Linked Data Signature, allowing them to alter a third-party signed activity they have received. Details The vulnerability essentially boils down t...

7CVSS5.7AI score

Patchstack•added 2026/05/26 8:4 a.m.•3 views

WordPress Top Dog theme <= 1.0.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Top Dog versions = 1.0.5...

5.8AI score

Exploits0Affected Software1

CVE•added 2026/05/23 2:30 p.m.•44 views

CVE-2026-9305

CVE-2026-9305 affects QuantumNous new-api self Endpoint up to version 0.12.1. The vulnerable element is the functions SearchUserTopUps and SearchAllTopUps in file model/topup.go, enabling a SQL injection via remote exposure. Public exploit availability is claimed. No remediation details are provi...

6.5CVSS6.4AI score0.00031EPSS

Exploits0References5

Packet Storm News•added 2026/05/23 12:0 a.m.•5 views

CyBOKClaw: Human-In-The-Loop CyBOK Mapping for Cybersecurity Curriculum

This paper presents CyBOKClaw, an interpretable human-in-the-loop retrieval framework for mapping cybersecurity keywords or phrases KWoPs to the Cyber Security Body of Knowledge CyBOK. Rather than treating the task as strict exact classification, the framework is designed as a top-k candidate...

5.8AI score